The Transition from Classical to Post-Quantum Cryptography
draft-hoffman-c2pq-04

Document type: Expired Internet-Draft (cfrg RG)
Last updated: 2019-02-14 (latest revision 2018-08-13)
Stream: IRTF
Intended RFC status: Informational
IRTF stream state: Candidate RG Document
Consensus boilerplate: Unknown
Document shepherd: No shepherd assigned
IESG state: Expired
Responsible AD: (None)
Send notices to: irsg@irtf.org

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-hoffman-c2pq-04.txt

Abstract

Quantum computing is the study of computers that use quantum features in calculations. For over 20 years, it has been known that if very large, specialized quantum computers could be built, they could have a devastating effect on asymmetric classical cryptographic algorithms such as RSA and elliptic curve signatures and key exchange, as well as (but on a smaller scale) on symmetric cryptographic algorithms such as block ciphers, MACs, and hash functions. There has already been a great deal of study on how to create algorithms that will resist large, specialized quantum computers, but so far, the properties of those algorithms make them onerous to adopt before they are needed. Small quantum computers are being built today, but it is still far from clear when large, specialized quantum computers will be built that can recover private or secret keys in classical algorithms at the key sizes commonly used today. It is important to be able to predict when large, specialized quantum computers usable for cryptanalysis will be possible so that organizations can change to post-quantum cryptographic algorithms well before they are needed. This document describes quantum computing, how it might be used to attack classical cryptographic algorithms, and possibly how to predict when large, specialized quantum computers will become feasible.

Authors

Paul Hoffman (paul.hoffman@icann.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)